Containers

Category: Amazon Elastic Kubernetes Service

Three things to consider when implementing Mutual TLS with AWS App Mesh

Mutual Transport Layer Security (mTLS) is an extension of TLS, where both the client and server leverage X.509 digital certificates to authenticate each other before starting communications. Both parties present certificates to each other and validate the other’s certificate. The key difference from any usual TLS communication is that when using mutual TLS, each client must […]

Diving into IAM Roles for Service Accounts

A common challenge architects face when designing a Kubernetes solution on AWS is how to grant containerized workload permissions to access an AWS service or resource. AWS Identity and Access Management (IAM) provides fine-grained access control where you can specify who can access which AWS service or resources, ensuring the principle of least privilege. The challenge […]

Image showing architecture

How to route UDP traffic into Kubernetes

Since its release, Amazon Elastic Kubernetes Service (Amazon EKS) has been helping customers to run their applications reliably and at scale. UDP, or User Datagram Protocol, is a low-latency protocol that is ideal for workloads such as real-time streaming, online gaming, and IoT. The Network Load Balancer (NLB) is designed to handle tens of millions […]

Introducing Amazon CloudWatch Container Insights for Amazon EKS Fargate using AWS Distro for OpenTelemetry

Introduction Amazon CloudWatch Container Insights helps customers collect, aggregate, and summarize metrics and logs from containerized applications and microservices. Metrics data is collected as performance log events using the embedded metric format. These performance log events use a structured JSON schema that enables high-cardinality data to be ingested and stored at scale. From this data, […]

Continuous Delivery of Amazon EKS Clusters Using AWS CDK and CDK Pipelines

This blog is no longer up to date and we recommend reviewing the Amazon EKS Blueprints for CDK Pipeline SDK module which makes it easier to create infrastructure Continuous Delivery pipelines via AWS CodePipeline. Customers are looking for ways to automate the deployment of their Amazon EKS clusters across different versions, environments, accounts, and Regions. […]

Protect Kubernetes workloads from Apache Log4j vulnerabilities

Log4j is among the most popular and highly used logging frameworks in Java-based applications. On December 9, 2021, the world became aware of zero-day vulnerabilities CVE-2021-44228 and CVE-2021-45105 affecting the popular Apache package. Any attacker who can control log messages or log message parameters can execute arbitrary code loaded from malicious LDAP servers when message […]

GitOps model for provisioning and bootstrapping Amazon EKS clusters using Crossplane and Flux

In an earlier blog (Part 1 of the series), I discussed the adoption of the GitOps model as an efficient strategy for provisioning cloud provider-specific managed resources, such as, for example, Amazon S3 bucket and Amazon RDS instance, that application workloads depend on. The blog presented the details of implementing a use case where an Amazon […]

Amazon EKS launches IPv6 support

The ongoing growth of the internet, particularly in the fields of mobile applications, IoT, and application modernization, has led to an industry-wide move to IPv6. With 128 bits of address space, IPv6 can provide 340 undecillion IP addresses, compared to 4.3 billion IPv4 addresses. Over the last several years, Amazon Web Services (AWS) has added […]

Connecting Google Kubernetes Engine (GKE) Clusters to Amazon EKS

Customers running Google Kubernetes Engine (GKE) clusters can now use the Amazon Elastic Kubernetes Service (Amazon EKS) to visualize GKE cluster resources. This post describes how to use Amazon EKS Connector to connect a GKE cluster to the Amazon EKS console. The EKS console provides a single pane of glass to visualize all your Kubernetes […]

Three architectural options for routing traffic to multiple Amazon EKS clusters

Onfido’s Journey to a Multi-Cluster Amazon EKS Architecture

This blog was coauthored by Eugene Malihins, Senior DevOps Engineer at Onfido, and Olly Pomeroy, Containers Specialist SA at Amazon Web Services Who is Onfido? Onfido is setting the new standard for digital access. The company digitally proves a user’s real identity using artificial intelligence (AI) by verifying a photo ID and comparing it to […]